Social Engineering

As information security measures become more complex and powerful, many criminals and hackers are taking advantage of other kinds of vulnerabilities in what are known as “social engineering” attacks.

If you’ve heard about the rising epidemic of tax fraud, then you’ve seen social engineering in action. These kind of attacks are based on taking advantage of the people and policies that manage computers and information, rather than the machines the information is stored on. Spearphishing, which we’ve mentioned before, is one variety of these attacks but there are others.

For a very public example, look no further than tech reporter Matt Honan, who suffered a catastrophic personal breach in less than a day, due to the efforts of 2 collaborating hackers, neither of whom accessed his computer before gaining his passwords.

As the story shows, by manipulating customer service departments from 2 different companies, the two criminals were able to slash and burn an enormous chunk of the reporter’s digital life. Many of the resulting problems could have been managed or avoided by keeping reliable backups, and by implementing stronger security practices.